Filtered by vendor Njtech Subscriptions
Filtered by product Greencms Subscriptions

Search

Switch to Advanced Search (Beta)
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-14244 2 Greencms, Njtech 2 Greencms, Greencms 2025-12-23 2.4 Low
A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-22570 1 Njtech 1 Greencms 2025-06-20 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-21366 1 Njtech 1 Greencms 2024-12-10 8 High
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.
CVE-2022-28918 1 Njtech 1 Greencms 2024-11-21 8.1 High
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
CVE-2018-12604 1 Njtech 1 Greencms 2024-11-21 N/A
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.
CVE-2018-11671 1 Njtech 1 Greencms 2024-11-21 N/A
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
CVE-2018-11670 1 Njtech 1 Greencms 2024-11-21 N/A
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.